SlideShare a Scribd company logo

A Strategy for Addressing Cyber Security Challenges

Talk that Prof. Mustaque Ahamad from GaTech gave at Global Cybersecurity Leaders Program http://www.cisoacademy.com/gclp2-prof-mustaque-ahamad-april-2015/

1 of 16
Download to read offline
A	
  Strategy	
  for	
  Addressing	
  Cyber	
  
Security	
  Challenges	
  
Mustaque	
  Ahamad	
  
Professor	
  of	
  Computer	
  Science,	
  Georgia	
  Ins>tute	
  of	
  Technology	
  
Global	
  Professor	
  of	
  Engineering,	
  New	
  York	
  University	
  Abu	
  Dhabi	
  
Co-­‐founder	
  and	
  Chief	
  Scien>st,	
  Pindrop	
  Security	
  
A	
  Couple	
  of	
  Observa>ons	
  
•  Cyber	
  security	
  has	
  become	
  an	
  extremely	
  
important	
  problem	
  for	
  people,	
  businesses	
  and	
  
governments.	
  
•  Addressing	
  cyber	
  security	
  challenges	
  presents	
  
serious	
  challenges.	
  
•  Cyber	
  now	
  reaches	
  into	
  cri>cal	
  physical	
  
systems.	
  
•  Cyber	
  security	
  is	
  going	
  to	
  be	
  a	
  journey,	
  not	
  a	
  
des>na>on.	
  
Are	
  Things	
  Really	
  Bad?	
  
•  Growing	
  sophis>ca>on	
  of	
  the	
  threat	
  landscape	
  
–  Cyber	
  criminals,	
  hack>vits,	
  terrorists	
  and	
  na>on-­‐states	
  
–  Cyber	
  crime	
  costs	
  are	
  reaching	
  half	
  a	
  trillion	
  dollars	
  (In	
  
India,	
  0.21%	
  of	
  GDP,	
  McAfee	
  2014	
  Report)	
  
–  Greatest	
  transfer	
  of	
  wealth	
  (Keith	
  Alexander,	
  
hXp://foreignpolicy.com/2012/07/09/nsa-­‐chief-­‐cybercrime-­‐cons>tutes-­‐the-­‐greatest-­‐transfer-­‐of-­‐wealth-­‐in-­‐history/	
  )	
  
•  Complex	
  technology	
  ecosystem	
  
–  “Reflec>ons	
  on	
  trus>ng	
  trust”	
  
•  People,	
  processes	
  and	
  coordina>on	
  across	
  
mul>ple	
  stakeholders	
  
	
  
Threats	
  +	
  Vulnerabili>es	
  =>	
  AXacks	
  
•  Can	
  we	
  make	
  threats	
  go	
  away?	
  
•  AXribu>on	
  is	
  extremely	
  difficult	
  
•  Global	
  and	
  transna>onal	
  
•  How	
  can	
  we	
  address	
  vulnerabili>es?	
  
•  Security	
  errors	
  in	
  sofware	
  (over	
  1700	
  entries	
  in	
  NVD	
  in	
  last	
  
3	
  months)	
  
•  Asymmetry	
  –	
  aXackers	
  only	
  need	
  to	
  find	
  one	
  bug,	
  we	
  need	
  
to	
  fix	
  all	
  
•  People	
  are	
  weak	
  links	
  
•  Only	
  higher	
  assurance,	
  no	
  perfect	
  security	
  
–  Stronger	
  preven>on	
  and	
  early	
  detec>on	
  
–  	
  Faster	
  recovery	
  and	
  remedia>on	
  
So,	
  What	
  Can	
  We	
  Do?	
  
•  Educa>on	
  
– Developing	
  the	
  “security	
  mindset”	
  
– Undergraduate	
  and	
  graduate	
  programs	
  
•  Research	
  
– Rapidly	
  evolving	
  field	
  
•  Policy,	
  legal	
  and	
  regula>on	
  
– It	
  is	
  much	
  more	
  than	
  technology	
  
Educa>ng	
  Cyber	
  Security	
  Professionals	
  
•  US	
  Na>onal	
  Ini>a>ve	
  for	
  Cybersecurity	
  
Educa>on	
  (NICE)	
  hXp://csrc.nist.gov/nice/framework/	
  
	
  
Ad

Recommended

Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...Cybersecurity Education and Research Centre
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesSlideTeam
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 

More Related Content

What's hot

How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryCR Group
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019PECB
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015Security Innovation
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira  about Artificial Intelligence to cyber securityWhitepaper Avira  about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyShawn Riley
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chainaletarw
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRTAPNIC
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 

What's hot (20)

How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber security
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guide
 
WhyNormShield
WhyNormShieldWhyNormShield
WhyNormShield
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira  about Artificial Intelligence to cyber securityWhitepaper Avira  about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber security
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis Methodology
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRT
 
CSIRT_16_Jun
CSIRT_16_JunCSIRT_16_Jun
CSIRT_16_Jun
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 

Viewers also liked

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramBGA Cyber Security
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 

Viewers also liked (7)

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response Program
 
Ch14 Policies and Legislation
Ch14 Policies and LegislationCh14 Policies and Legislation
Ch14 Policies and Legislation
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 

Similar to A Strategy for Addressing Cyber Security Challenges

Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...DETER-Project
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE360 BSI
 
2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & Defend2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & DefendBrian Andrzejewski
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...360 BSI
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...Florence Hudson
 
Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTHAwais Shibli
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...360 BSI
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxucisa
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Priyanka Aash
 
Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveVon Welch
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Scientific Software Challenges and Community Responses
Scientific Software Challenges and Community ResponsesScientific Software Challenges and Community Responses
Scientific Software Challenges and Community ResponsesDaniel S. Katz
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaRegional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaMartin M
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksLiming Zhu
 
SMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaSMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaDale Butler
 
NSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meetingNSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meetingDaniel S. Katz
 
Improving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceImproving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceNorman Johnson
 

Similar to A Strategy for Addressing Cyber Security Challenges (20)

Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
 
2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & Defend2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & Defend
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training Course
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
 
Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTH
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptx
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
 
Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade Perspective
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Scientific Software Challenges and Community Responses
Scientific Software Challenges and Community ResponsesScientific Software Challenges and Community Responses
Scientific Software Challenges and Community Responses
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaRegional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risks
 
SMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaSMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North America
 
NSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meetingNSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meeting
 
Improving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceImproving cyber security using biosecurity experience
Improving cyber security using biosecurity experience
 

More from Cybersecurity Education and Research Centre

Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Cybersecurity Education and Research Centre
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Cybersecurity Education and Research Centre
 

More from Cybersecurity Education and Research Centre (16)

Automated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social NetworksAutomated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social Networks
 
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
 
Video Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical FlowVideo Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical Flow
 
TASVEER : Tomography of India’s Internet Infrastructure
TASVEER : Tomography of India’s Internet InfrastructureTASVEER : Tomography of India’s Internet Infrastructure
TASVEER : Tomography of India’s Internet Infrastructure
 
Identification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A SurveyIdentification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A Survey
 
Clotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and IncorrectClotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and Incorrect
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
 
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing PageEmerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
 
Securing the Digital Enterprise
Securing the Digital EnterpriseSecuring the Digital Enterprise
Securing the Digital Enterprise
 
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on TwitterBroker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
 
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Exploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasuresExploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasures
 
The future of interaction & its security challenges
The future of interaction & its security challengesThe future of interaction & its security challenges
The future of interaction & its security challenges
 

Recently uploaded

HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...htrindia
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringMassimo Talia
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura RochniakFwdays
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
Power of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfPower of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfkatalinjordans1
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?MENGSAYLOEM1
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro KozhevinFwdays
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...Fwdays
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxNeo4j
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys VasylievFwdays
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVARobert McDermott
 
Campotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotelPhilippines
 
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxVotarikari Shravan
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor FesenkoFwdays
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIEDanBrown980551
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolProduct School
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!KivenRaySarsaba
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsEvangelia Mitsopoulou
 
Apex Replay Debugger and Salesforce Platform Events.pptx
Apex Replay Debugger and Salesforce Platform Events.pptxApex Replay Debugger and Salesforce Platform Events.pptx
Apex Replay Debugger and Salesforce Platform Events.pptxmohayyudin7826
 

Recently uploaded (20)

HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineering
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
Power of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfPower of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdf
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVA
 
Campotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company Profile
 
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIE
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product School
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applications
 
Apex Replay Debugger and Salesforce Platform Events.pptx
Apex Replay Debugger and Salesforce Platform Events.pptxApex Replay Debugger and Salesforce Platform Events.pptx
Apex Replay Debugger and Salesforce Platform Events.pptx
 

A Strategy for Addressing Cyber Security Challenges

  • 1. A  Strategy  for  Addressing  Cyber   Security  Challenges   Mustaque  Ahamad   Professor  of  Computer  Science,  Georgia  Ins>tute  of  Technology   Global  Professor  of  Engineering,  New  York  University  Abu  Dhabi   Co-­‐founder  and  Chief  Scien>st,  Pindrop  Security  
  • 2. A  Couple  of  Observa>ons   •  Cyber  security  has  become  an  extremely   important  problem  for  people,  businesses  and   governments.   •  Addressing  cyber  security  challenges  presents   serious  challenges.   •  Cyber  now  reaches  into  cri>cal  physical   systems.   •  Cyber  security  is  going  to  be  a  journey,  not  a   des>na>on.  
  • 3. Are  Things  Really  Bad?   •  Growing  sophis>ca>on  of  the  threat  landscape   –  Cyber  criminals,  hack>vits,  terrorists  and  na>on-­‐states   –  Cyber  crime  costs  are  reaching  half  a  trillion  dollars  (In   India,  0.21%  of  GDP,  McAfee  2014  Report)   –  Greatest  transfer  of  wealth  (Keith  Alexander,   hXp://foreignpolicy.com/2012/07/09/nsa-­‐chief-­‐cybercrime-­‐cons>tutes-­‐the-­‐greatest-­‐transfer-­‐of-­‐wealth-­‐in-­‐history/  )   •  Complex  technology  ecosystem   –  “Reflec>ons  on  trus>ng  trust”   •  People,  processes  and  coordina>on  across   mul>ple  stakeholders    
  • 4. Threats  +  Vulnerabili>es  =>  AXacks   •  Can  we  make  threats  go  away?   •  AXribu>on  is  extremely  difficult   •  Global  and  transna>onal   •  How  can  we  address  vulnerabili>es?   •  Security  errors  in  sofware  (over  1700  entries  in  NVD  in  last   3  months)   •  Asymmetry  –  aXackers  only  need  to  find  one  bug,  we  need   to  fix  all   •  People  are  weak  links   •  Only  higher  assurance,  no  perfect  security   –  Stronger  preven>on  and  early  detec>on   –   Faster  recovery  and  remedia>on  
  • 5. So,  What  Can  We  Do?   •  Educa>on   – Developing  the  “security  mindset”   – Undergraduate  and  graduate  programs   •  Research   – Rapidly  evolving  field   •  Policy,  legal  and  regula>on   – It  is  much  more  than  technology  
  • 6. Educa>ng  Cyber  Security  Professionals   •  US  Na>onal  Ini>a>ve  for  Cybersecurity   Educa>on  (NICE)  hXp://csrc.nist.gov/nice/framework/    
  • 7. Capacity  Building  for  Educa>ng  Cyber   Security  Professionals   •  What  do  we  do?   –  Undergraduate  or  graduate  programs?   –  Integra>ng  security  concepts  in  CS  curriculum?   –  Voca>onal  programs?   •   How  do  we  do  it?   –  So,  where  do  we  find  cyber  security  faculty?   –  Developing  hands  on  projects  and  laboratories   •  US  Response   –  Centers  of  Excellence  Program  (NSA/DHS)   –  Scholarship-­‐for-­‐Service  (SFS)  Program)   –  NSF  SaTC  Educa>on  Projects   •  Curriculum  development,  sharing,  workshops  etc.  
  • 8. Research  Capacity  Building   •  Evolving  threat  landscape  and  rapidly   changing  technologies   – Gelng  ahead  of  emerging  threats   – “Test  and  verify”  rather  than  “trust  but  verify”   •  Diverse  set  of  research  challenges   – Trustworthiness  of  technology  to  human   dimension   •  Real-­‐world  impact  of  research   – Tech  transfer  and  commercializa>on  
  • 9. Example  I:  Malware  Analysis   •  Scalable  malware  analysis  system   processes  approximately  250K   samples  a  day   •  Extrac>ng  features  from   communica>on  paXerns   •  Big  data  due  to  deep  packet   analysis  and  event  volume   •  Machine  learning  for  aXribu>on   •  Visualiza>on  and  ac>onable   intelligence               Mariposa  Botnet   Tracking  and  Takedown  
  • 10. Example  II:  Data-­‐Driven  Cyber  Risk   •  Collect  cyber  risk  relevant  data   from  mul>ple  sources   – Vulnerabili>es   – Exploit  kits  and  malware   – AXack  data  (public  and     private)   •  Analy>cs  and  visualiza>on   – Lean  back  and  lean  forward               Calendar  view  of     reported  vulnerabili>es  
  • 11. Na>onal  R&D  Strategy:  US  Example   •  Na>onal  Science  Founda>on  Secure  and  Trustworthy   (SaTC)   –  Launched  afer  developing  a  na>onal  strategy  ( hXps://www.whitehouse.gov/sites/default/files/microsites/ostp/fed_cybersecurity_rd_strategic_plan_2011.pdf)   –  Interdisciplinary  including  behavioral  and  economic  aspects   •  DHS,  DARPA  and  NSA  Ini>a>ves   –  Cri>cal  infrastructure  security  (CPS)   –  Resilient  and  transparent  compu>ng   –  Science  of  security   •  Networking  and  Informa>on  Technology  Research  and   Development  (NITRD)  Program   –  Coordinated  across  mul>ple  agencies   –  High  level  goal  is  to  maintain  US  technological  leadership  in  this   field  
  • 12. Cyber  Security  Policy   •  Policy  development  is  as  important  as  best   technical  safeguards   •  Should  companies  and  government  agencies   required  to  prac>ce  certain  level  of  cyber   hygiene?   •  Informa>on  sharing  and  coordina>on   •  Privacy   •  Legal  and  enforcement  issues  
  • 13. Lessons  Learned   •  Educa>on  capacity  building   – Aggressively  support  centers  like  CERC  IIIT  Delhi     – CS  curriculum  needs  to  be  augmented  with  cyber   security  offerings  at  all  levels   – “Educa>ng  the  educators”  –  summer  schools,   workshops  and  hosted  programs   – What  do  we  do  about  faculty?   •  Incen>ves  for  CS  faculty  members  to  shif/expand  their   research  into  cyber  security   •  Be  crea>ve  (professor  of  prac>ce,  global  professor  etc.)  
  • 14. Lessons  Learned  Contd.   •  Research  capacity  building   –  You  cannot  be  a  major  player  without  a  strong  research  base     •  How  many  papers  at  security  conferences  from  India?   –  Launch/seed  a  few  ambi>ous  (and  high  risk)  research  projects   like  NSF’s  fron>ers   –  Start/get  security  conferences  to  India  to  grow  the  community   –  Applied  research  exper>se   •  Cannot  only  rely  on  security  vendor  professionals  for  crisis  handling   •  CDC  for  cyber,  CERT  2.0?   –  Coordina>on  across  Na>onal  Labs,  DRDO??   –  Home  grown  cyber  security  companies??  
  • 15. Lessons  Learned  Contd.   •  Cyber  security  is  much  more  than  technology   – Policy,  regulatory  and  legal  dimensions   – Cyber  security  maturity  model  and  best  prac>ces   – Preparedness  assessment   – Conversa>ons  at  the  highest  level  (WEF  ini>a>ve)   – Informa>on  sharing,  coordina>on  and  mutual  aid   – Informal  trust  networks  
  • 16. Conclusions   •  Cyber  risk  ranks  among  the  top  global  risks   (2015  WEF  Global  risks  report)   •  Na>onal  response  is  of  cri>cal  importance   •  Need  to  move  at  “network  speed”   •  It  is  all  about  capacity  building   •  Ignore  research  at  your  own  peril